US2019238334A1PendingUtilityA1

Communication system, communication client, communication server, communication method, and program

39
Assignee: NTI INCPriority: Aug 4, 2016Filed: Aug 4, 2017Published: Aug 1, 2019
Est. expiryAug 4, 2036(~10.1 yrs left)· nominal 20-yr term from priority
H04L 63/0428H04L 9/32G09C 1/00G06F 21/44H04L 9/088H04L 9/30H04L 9/08G06F 21/606
39
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A technique of encrypted communications is proposed to provide stronger defense against an attack from a third party, in particular, an MITMA than in SSL communications. A client and a server each have the function of generating the same solution under the same conditions. The client generates a first solution (S 1002 ) and transmits the solution to the server (S 1003 ). When receiving the solution, the server generates a solution (S 2002 ) and authenticates the client if the solution agrees with the solution received from the client (S 2003 ). The server encrypts the common key of the server by using a second solution as a key (S 2005 ) and transmits the common key to the client. The client generates a second solution and decrypts the encrypted common key by using the solution as a key (S 1007 ). The server and the client perform encrypted communications with the shared common key in a common key system.

Claims

exact text as granted — not AI-modified
1 . (canceled) 
     
     
         2 . A communication method implemented by a second communication device of an encrypted communication system comprising a first communication device and the second communication device, each being connectable to a predetermined network and including solution generating means capable of successively generating identical solutions under common conditions,
 wherein the method implemented by the second communication device comprises the steps of:   generating the solution by the solution generating means and transmitting the solution to the first communication device via the network;   receiving an encrypted common key from the first communication device via the network after the first communication device receives the solution from the second communication device via the network, generates the solution by the solution generating means, compares the solution generated by the solution generating means of the first communication device and the solution received from the second communication device, and authenticates the second communication device if the solutions agree with each other, and the first communication device generates, if the first communication device authenticates the second communication device, the second or subsequent solution by the solution generating means and encrypts the common key of the first communication device by using the second or subsequent solution generated under predetermined conditions;   generating the second or subsequent solution by the solution generating means and decrypting the encrypted common key by using the second or subsequent solution generated under the predetermined conditions, the common key being decrypted using an algorithm identical to an algorithm for encrypting the common key by the first communication device; and   performing encrypted communications in a common key system with the first communication device by using the common key shared between the first communication device and the second communication device in the above-mentioned steps.   
     
     
         3 . (canceled) 
     
     
         4 . A communication method implemented by a first communication device of an encrypted communication system comprising the first communication device and a second communication device, each being connectable to a predetermined network and including solution generating means capable of successively generating identical solutions under common conditions,
 wherein the method implemented by the first communication device comprises the steps of:   receiving the solution which was generated by the solution generating means of the second communication device and is transmitted via the network;   generating the solution by the solution generating means of the first communication device, comparing the solution generated by the solution generating means of the first communication device and the solution received from the second communication device, and authenticating the second communication device if the solutions agree with each other;   generating, if the first communication device authenticates the second communication device, the second or subsequent solution by the solution generating means and encrypting a common key of the first communication device by using the second or subsequent solution generated under predetermined conditions;   transmitting the encrypted common key from the first communication device to the second communication device via the network; and   performing encrypted communications in a common key system with the second communication device by using the common key shared between the first communication device and the second communication device by decrypting the encrypted common key, the second communication device generating, after receiving the encrypted common key, the second or subsequent solution by the solution generating means and decrypting the encrypted common key by using the second or subsequent solution generated under the predetermined conditions, the common key being decrypted using an algorithm identical to an algorithm for encrypting the common key by the first communication device.   
     
     
         5 . (canceled) 
     
     
         6 . A second communication device connectable to a predetermined network so as to constitute an encrypted communication system in combination with a first communication device connectable to the network, the first communication device comprising: first communication device solution generating means capable of successively generating solutions, first communication device first encryption/decryption means capable of encryption using the solution generated by the first communication device solution generating means, authentication means, and first communication device second encryption/decryption means capable of encryption and decryption in a common key system using a common key,
 the second communication device comprising:   second communication device solution generating means capable of successively generating solutions identical to solutions generated by the first communication device solution generating means under common conditions;   second communication device first encryption/decryption means capable of decryption using the solution generated by the second communication device solution generating means, the decryption being identical to decryption performed by the first communication device first encryption/decryption means if the same solution is used; and   second communication device second encryption/decryption means capable of encryption and decryption in the common key system with the common key,   wherein the solution generated by the second communication device solution generating means is transmitted to the first communication device via the network,   wherein the first communication device receives the solution from the second communication device via the network, generates the solution by means of the first communication device solution generating means, compares the solution generated by the first communication device solution generating means and the solution received from the second communication device, and authenticates the second communication device by means of the authentication unit if the solutions agree with each other, the first communication device solution generating means generates, if the authentication unit authenticates the second communication device, the second or subsequent solution, the first communication device encrypts the common key of the first communication device by means of the first communication device first encryption/decryption means by using the second or subsequent solution generated by the first communication device solution generating means under predetermined conditions, and the first communication device transmits the encrypted common key to the second communication device via the network,   the second communication device generates the second or subsequent solution by means of the second communication device solution generating means and decrypts the encrypted common key received from the first communication device by means of the second communication device first encryption/decryption means by using the second or subsequent solution generated by the second communication device solution generating means under the predetermined conditions, and   by using the common key shared between the first communication device and the second communication device in the above-mentioned steps, the first communication device second encryption/decryption means encrypts and decrypts data to be transmitted and received and the second communication device second encryption/decryption means encrypts and decrypts data to be transmitted and received, enabling encrypted communications with the first communication device in the common key system.   
     
     
         7 . (canceled) 
     
     
         8 . A first communication device connectable to a predetermined network so as to constitute an encrypted communication system in combination with a second communication device connectable to the network, the second communication device comprising: second communication device solution generating means capable of successively generating solutions, second communication device first encryption/decryption means capable of decryption using the solution generated by the second communication device solution generating means, and second communication device second encryption/decryption means capable of encryption and decryption in a common key system using a common key, the second communication device transmitting the solution generated by the second communication device solution generating means to the first communication device via the network,
 the first communication device comprising:   first communication device solution generating means capable of successively generating solutions identical to solutions generated by the second communication device solution generating means under common conditions;   first communication device first encryption/decryption means capable of encryption using the solution generated by the first communication device solution generating means, the encryption being identical to encryption performed by the second communication device first encryption/decryption means if the same solution is used;   first communication device second encryption/decryption means capable of encryption and decryption in the common key system with the common key; and   authentication means configured to compare the solution generated by the first communication device solution generating means and the solution received from the second communication device and authenticate the second communication device if the solutions agree with each other,   wherein the first communication device solution generating means generates the second or subsequent solution if the authentication means authenticates the second communication device, the common key of the first communication device is encrypted by the first communication device first encryption/decryption means by using the second or subsequent solution generated by the first communication device solution generating means under the predetermined conditions, and the encrypted common key is transmitted to the second communication device via the network,   the second communication device generates the second or subsequent solution by means of the second communication device solution generating means and decrypts the encrypted common key received from the first communication device by means of the second communication device first encryption/decryption means by using the second or subsequent solution generated by the second communication device solution generating means under the predetermined conditions, and   by using the common key shared between the first communication device and the second communication device in the above-mentioned steps, the first communication device second encryption/decryption means encrypts and decrypts data to be transmitted and received and the second communication device second encryption/decryption means encrypts and decrypts data to be transmitted and received, enabling encrypted communications with the second communication device in the common key system.   
     
     
         9 . (canceled) 
     
     
         10 . A computer program for enabling a computer to act as a second communication device of an encrypted communication system comprising a first communication device and the second communication device, each being connectable to a predetermined network and including solution generating means capable of successively generating identical solutions under common conditions,
 the computer program enabling the computer to perform the steps of:   generating the solution by the solution generating means and transmitting the solution to the first communication device via the network;   receiving an encrypted common key from the first communication device via the network after the first communication device receives the solution from the second communication device via the network, generates the solution by the solution generating means, compares the solution generated by the solution generating means of the first communication device and the solution received from the second communication device, and authenticates the second communication device if the solutions agree with each other, and the first communication device generates, if the first communication device authenticates the second communication device, the second or subsequent solution by the solution generating means and encrypts the common key of the first communication device by using the second or subsequent solution generated under predetermined conditions;   generating the second or subsequent solution by the solution generating means and decrypting the encrypted common key by using the second or subsequent solution generated under the predetermined conditions; and   performing encrypted communications in a common key system with the first communication device by using the common key shared between the first communication device and the second communication device in the above-mentioned steps.   
     
     
         11 . (canceled) 
     
     
         12 . A computer program for enabling a computer to act as a first communication device of an encrypted communication system comprising the first communication device and a second communication device, each being connectable to a predetermined network and including solution generating means capable of successively generating identical solutions under common conditions,
 the computer program enabling the computer to perform the steps of:   receiving the solution which was generated by the solution generating means of the second communication device and is transmitted via the network;   generating the solution by the solution generating means of the first communication device, comparing the solution generated by the solution generating means of the first communication device and the solution received from the second communication device, and authenticating the second communication device if the solutions agree with each other;   generating, if the first communication device authenticates the second communication device, the second or subsequent solution by the solution generating means and encrypting a common key of the first communication device by using the second or subsequent solution generated under predetermined conditions;   transmitting the encrypted common key from the first communication device to the second communication device via the network; and   performing encrypted communications in a common key system with the second communication device by using the common key shared between the first communication device and the second communication device, the second communication device generating, after receiving the encrypted common key, the second or subsequent solution by the solution generating means and decrypting the encrypted common key by using the second or subsequent solution generated under the predetermined conditions.   
     
     
         13 - 19 . (canceled) 
     
     
         20 . The communication method according to  claim 2 , wherein the multiple solutions generated by the solution generating means of the first communication device are used by the first communication device in order to perform processing for encrypting the common key of the first communication device, and
 the multiple solutions generated by the solution generating means of the second communication device are used by the second communication device in order to perform processing for decrypting the encrypted common key.   
     
     
         21 . (canceled) 
     
     
         22 . The communication method according to  claim 4 , wherein the multiple solutions generated by the solution generating means of the first communication device are used by the first communication device in order to perform processing for encrypting the common key of the first communication device, and
 the multiple solutions generated by the solution generating means of the second communication device are used by the second communication device in order to perform processing for decrypting the encrypted common key.   
     
     
         23 . (canceled) 
     
     
         24 . The computer program according to  claim 10 , wherein on the computer constituting the second communication device, encryption and decryption in encrypted communications in the common key system are performed between a TCP/IP and a predetermined application for handling plain text data to be encrypted on the computer, and
 a plain text to be encrypted and transmitted to the first communication device is generated by the application and is transmitted to the TCP/IP, and encrypted data that is transmitted from the first communication device and is transmitted from the TCP/IP is decrypted into a plain text and then is transmitted to the application.   
     
     
         25 . The computer program according to  claim 12 ,  13 , or  19 , wherein on the computer constituting the first communication device, encryption and decryption in encrypted communications in the common key system are performed between a TCP/IP and a predetermined application for handling plain text data to be encrypted on the computer, and
 a plain text to be encrypted and transmitted to the first communication device is generated by the application and is transmitted to the TCP/IP, and encrypted data that is transmitted from the second communication device and is transmitted from the TCP/IP is decrypted into a plain text and then is transmitted to the application.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.